4969 matches found
GHSA-F7PM-6HR8-7GGM vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2026-30964 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-F7PM-6HR8-7GGM vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2026-30964 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
Nextcloud: SMIL values and by attributes bypass remote image blocking via unvalidated resource-loading animations, enabling email tracking without consent
A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail client. The vulnerability allowed attackers to bypass the "Block remote images" security feature by using SMIL animation attributes to load arbitrary external resources without validation. This could have enabled email...
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
Fedora 44 : nextcloud (2026-94519b94d8)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-94519b94d8 advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Remote code execution in Nextcloud Flow via vulnerable Windmill version
None...
Fedora 43 : nextcloud (2026-ae48fa379e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae48fa379e advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin (versions prior to 2026.2.6) is affected by a flaw in equality matching on the mutable actor.name display name used for allowlist validation, allowing an attacker to spoof a display name to match an allowlisted user ID and gain unauthorized access to restricted co...
EUVD-2026-9920
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
CVE-2026-28474 OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
CVE-2026-28474
OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and...
Fedora 42 : nextcloud (2026-889607c7a0)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-889607c7a0 advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Summary When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...
GHSA-R9Q5-C7QC-P26W OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing
Summary When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...
PT-2026-26224
Summary When Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart. Details OpenClaw's Nextcloud Talk webhook path verified HMACsecret, random + body but...